Everyone still hopes to have a romantic fling by swiping right on seemingly perfect profiles on dating apps. We get so excited that we often forget about the dangers posed by social engineering attackers. These attackers deceive their targets by crafting believable stories that exploit their trust. They exploit the way people think to induce a sense of comfort and lower their defenses. Essentially, the attackers pretend to be someone trustworthy to gain access to sensitive information.

What is Social Engineering?

Social Engineering uses human interaction and manipulation to gain access to your sensitive private/personal information. Online crooks deceive users to get their hands on their money. 

Social Engineering encompasses a range of tricks used by cybercriminals to manipulate people into doing things they don't want to do, driven by the pursuit of profit.

Threat actors use social engineering to disguise themselves and their motives, often by acting as trusted individuals.

Ways to Identify a Social Engineering Attack

If you come across any of the following, note that they are major red flags, indicating that social engineering attackers are already at play.

• Receiving unsolicited emails or text messages from someone you don’t know.
• The message is supposedly very urgent.
• The message requires you to click on a link or open an attachment.
• The message contains many typos and grammatical errors.
• Similarly, you receive a call from someone you don't know.
• The caller tries to obtain personal information from you.
• The caller is attempting to get you to download something.
• The caller speaks with a great sense of urgency and/or aggression, similarly to the previous point.

Types of Social Engineering

Here are the key social engineering attacks to be aware of:

Phishing

Phishing uses email and text messaging to lure victims into clicking on malicious attachments or links to harmful websites.

Baiting

Baiting uses a false promise to tempt victims via greed or interest. For example, malicious attackers leave a malware-infected flash drive, or a bait, in a public place. A potential victim may be interested in its contents and insert it into their device, unwittingly installing malware.

Pretexting

Pretexting In this attack, one actor lies to another to gain access to data. For example, an attacker may pretend to need financial or personal data to confirm the identity of the recipient.

Scareware

Scareware involves victims being scared with false alarms and threats. Users might be deceived into thinking that their system is infected with malware. They, then, install the suggested software fix — but this software may be the malware itself, for example, a virus or spyware. Common examples are pop-up banners appearing in your browser, displaying text like “Your computer may be infected.” It will offer to install the fix or will direct you to a malicious website.

Spear phishing and whaling

Like phishing, the attack is specifically targeted at a particular individual or organization. Similarly, whaling attacks target high-profile employees, such as CEOs and directors.

Tailgating

Also known as piggybacking, tailgating is when an attacker walks into a secure building or office department by following someone with an access card. This attack presumes others will assume the attacker is allowed to be there.

What happens when you respond to a Social Engineering attempt? What should we do? Read more to learn what to do.

Trend Micro’s Antivirus One

Antivirus One offers live antivirus monitoring to protect your computer from viruses, adware, ransomware, spyware, and all other kinds of malware attacks. But best of all, you can get it for FREE! Its key features include:

1. Fast and thorough scans in under a minute — and the power to eliminate anything malicious if found.
2. Constant, real-time web threat protection as you browse.
3. Data privacy sweeps — in which your personal data will be sought out and eliminated before leaked on dangerous websites.

If you found this article interesting or helpful, please share it with your friends and family to help keep the online community safe. Feel free to leave a like and comment as well.

Trend Micro Community!

Learn to boost your device's performance by identifying and disabling resource-intensive features. Smartphones are now essential for various tasks, but certain features like background app refresh, live wallpapers, widgets, and animations can slow them down. Recognize that every app consumes resources differently, and manufacturers often provide options to limit such features to maintain efficiency. When your phone reaches its limits, you might receive messages like "This feature has been turned off because it slows down your phone."

Why are we getting this?

•  Protect user data
  To enhance security and protect your privacy, app permissions may be revoked from unused apps after a period of inactivity, reducing the risk of unauthorized data access.
  
  
  
• Power-saving features
  Apps may be automatically put to sleep or have their permissions disabled when not in use for a long time to save battery and optimize device performance.
  
  
  
• User disables the permission
  Users may manually turn off an app's permission if they no longer want the app to access a particular feature or if they have concerns about their privacy and security.
  
  
  
• App updates
  App updates can sometimes disable app permissions due to changes in the app's features, security updates, or other reasons.
  
  
  
• Device updates
  Updates to the device's operating system can modify the security settings and permissions, which may result in certain features being disabled.
  
  
  
• Security concerns
  If the app or feature has been found to pose a security risk, such as being outdated or flagged by a security scan, the device manufacturer may disable it to protect the user's device and data.
  
  Malfunction or bug: Sometimes, the app or device might experience a malfunction or bug that results in permissions being disabled.

What should I do next?

• Check the app's settings
  Check the app's settings for disabled permissions or power-saving settings that may be affecting the app's functionality. Enable the permission manually if it has been disabled.
  
  
  
• Adjust power-saving settings
  To prevent the feature from turning off due to power-saving settings, adjust the app's settings to disable any power-saving modes or allow the app to continue running in the background.
  
  
  
• Update the app or device
  Updates to apps or devices can disable permissions, so make sure to keep your apps and device up to date to avoid any issues that may cause features to be turned off.
  
  
  
•  Address security concerns
  If the feature is turned off due to security concerns, review the app's permissions and limit access to only necessary features. Install a security app to scan for threats.
  
  
  
• Contact customer support
  If the issue persists, users can contact the app or device manufacturer's customer support for assistance in restoring the disabled feature or permission.

Have you encountered this problem before?

Join the discussion!

Sign in or create an account.

Everything is on the Internet; everything under and beyond the sun. The Internet became the center of our personal connected universe. From online shopping to social media, Internet allows us to connect, communicate, and access information easily.

We rely heavily on the Internet for our day-to-day activities. This poses a perfect moment for malicious content creators to cast their nets. Behold the rise of fake and fraudulent websites. These websites are carefully designed to trick unsuspecting users into giving their sensitive information or making financial transactions. These fraudulent websites have many faces and forms; they can harm you with identity theft, financial loss, malware infection, and reputation damage.

Fraudulent websites are often created with the intention of stealing personal or financial information or tricking users into downloading harmful software. It is important to be aware of the dangers posed by fraudulent websites and to take steps to protect yourself against them.

How to Spot Fraudulent Websites

1.  Check the domain name closely. Fraudulent websites often use a domain name that looks or sounds similar to a well-known brand or product name but with slight variations or misspellings.
   
   
2. Look for a padlock icon and "https" in the URL. This assures that the website uses encryption to protect your data.
   
   
3. Check for spelling mistakes, grammar issues, and unusual text formatting, as these can be signs of a fraudulent website.
   
   
4. Be cautious of messages that are urgent, threatening, or seem too good to be true, as this is a common tactic used by scammers.
   
   
5. Look for contact information on the website, such as a physical address, phone number, and email, as legitimate websites will usually provide this information.

How to protect yourself.

1. Keep your browser and operating system up to date.
   
   
2. Use strong and unique passwords and multi-factor authenticator. Use a password manager to securely store and manage your passwords.
   
   
3. Be cautious. Do not click on links or download attachments from unknown or suspicious sources. Use the Trend Micro Toolbar, it will warn you about security risks with the websites you try to visit.
   
   
4. Review and adjust the privacy settings of your social media accounts and other online profiles. Use a Privacy Scanner to scan your web browsers for privacy risks to ensure your personal information stays private and protected.
   
   
5. Install anti-malware software and keep it up to date: Anti-malware software can detect and remove malicious software, including malware that may have been downloaded from fraudulent websites.
   • For Desktop Internet Browsing protection:
     • Security for Microsoft Edge 
     • Security for Google Chrome 
     • Maximum Security 
     • Antivirus for Mac 
   • For Mobile Internet Browsing Protection:
     • Mobile Security for Android 
     • Mobile Security for iOS

How can I report fake sites?

• Report the site to the relevant authorities: Depending on the nature of the fraud, you may need to report the site to the Federal Trade Commission (FTC), the Internet Crime Complaint Center (IC3), or other relevant agencies.
  
  
• Report the site to your browser or search engine: Many browsers and search engines have mechanisms in place to report phishing and other fraudulent sites.
• Warn others: Share the fraudulent website's URL and any relevant details on social media, online forums, or other platforms to help warn others about the scam.

Keep Safe with Trend Micro Check 

• NEVER use links or buttons from unknown sources! Use Trend Micro Check to detect scams with ease: Trend Micro Check is an all-in-one browser extension and mobile app for detecting scams, phishing attacks, malware, and dangerous links — and it’s FREE!